Lucene search

K
DebianDebian Linux

9134 matches found

CVE
CVE
added 2014/04/23 3:55 p.m.61 views

CVE-2014-2327

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

6.8CVSS8.8AI score0.00424EPSS
CVE
CVE
added 2014/10/02 2:55 p.m.61 views

CVE-2014-7154

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.

6.1CVSS5.9AI score0.00905EPSS
CVE
CVE
added 2014/12/01 3:59 p.m.61 views

CVE-2014-8866

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.

4.7CVSS5AI score0.00093EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.61 views

CVE-2014-9764

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.

7.5CVSS7AI score0.01608EPSS
CVE
CVE
added 2016/05/13 4:59 p.m.61 views

CVE-2015-8312

Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.

7.8CVSS7.1AI score0.0004EPSS
CVE
CVE
added 2016/04/13 4:59 p.m.61 views

CVE-2015-8807

Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vector...

6.1CVSS5.8AI score0.00676EPSS
CVE
CVE
added 2016/09/22 3:59 p.m.61 views

CVE-2016-6525

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

9.8CVSS8.9AI score0.05362EPSS
CVE
CVE
added 2018/04/13 4:29 p.m.61 views

CVE-2017-0372

Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.

9.8CVSS9.6AI score0.58957EPSS
Web
CVE
CVE
added 2017/10/18 2:29 a.m.61 views

CVE-2017-15571

In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.

6.1CVSS6.8AI score0.00517EPSS
CVE
CVE
added 2017/12/27 5:8 p.m.61 views

CVE-2017-17866

pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF do...

7.8CVSS6.8AI score0.00288EPSS
CVE
CVE
added 2017/02/24 4:59 a.m.61 views

CVE-2017-6302

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."

7.8CVSS7.3AI score0.0036EPSS
CVE
CVE
added 2017/11/15 8:29 a.m.61 views

CVE-2017-8810

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks ...

7.5CVSS8.2AI score0.00997EPSS
CVE
CVE
added 2017/05/08 2:29 p.m.61 views

CVE-2017-8844

The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.

7.8CVSS8.1AI score0.00356EPSS
CVE
CVE
added 2018/05/07 2:29 a.m.61 views

CVE-2018-10771

Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

9.8CVSS9.8AI score0.00956EPSS
CVE
CVE
added 2018/05/26 9:29 p.m.61 views

CVE-2018-11503

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

5.5CVSS5.2AI score0.00515EPSS
CVE
CVE
added 2018/05/26 9:29 p.m.61 views

CVE-2018-11504

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

5.5CVSS5.2AI score0.00241EPSS
CVE
CVE
added 2018/06/29 2:29 p.m.61 views

CVE-2018-13006

An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

9.8CVSS9.3AI score0.00697EPSS
CVE
CVE
added 2018/09/28 12:29 a.m.61 views

CVE-2018-16586

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.

4.3CVSS5.2AI score0.00583EPSS
CVE
CVE
added 2018/09/12 1:29 a.m.61 views

CVE-2018-16947

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, includ...

9.8CVSS9.5AI score0.01565EPSS
CVE
CVE
added 2018/12/17 7:29 p.m.61 views

CVE-2018-20185

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.

5.3CVSS5.2AI score0.00896EPSS
CVE
CVE
added 2018/03/07 11:29 p.m.61 views

CVE-2018-7752

GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.

7.8CVSS7.5AI score0.00213EPSS
CVE
CVE
added 2018/03/08 6:29 p.m.61 views

CVE-2018-7870

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

6.5CVSS7AI score0.00664EPSS
CVE
CVE
added 2018/08/29 1:29 p.m.61 views

CVE-2018-8040

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions...

5.3CVSS5.8AI score0.09715EPSS
CVE
CVE
added 2019/08/15 5:15 p.m.61 views

CVE-2019-13221

A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

7.8CVSS8AI score0.00295EPSS
CVE
CVE
added 2021/06/01 7:15 p.m.61 views

CVE-2020-22035

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.

8.8CVSS9.2AI score0.0057EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.61 views

CVE-2020-28607

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of ...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2020/12/15 6:15 p.m.61 views

CVE-2020-29479

An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guest...

8.8CVSS8.4AI score0.00046EPSS
CVE
CVE
added 2021/07/19 5:15 p.m.61 views

CVE-2020-36425

An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.

5.3CVSS6.6AI score0.00299EPSS
CVE
CVE
added 2020/03/23 9:15 p.m.61 views

CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the params[template] parameter, the process doe...

6.5CVSS6.3AI score0.03897EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.61 views

CVE-2021-21838

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that caus...

8.8CVSS8.8AI score0.00198EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.61 views

CVE-2021-21846

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer ...

8.8CVSS8.8AI score0.00509EPSS
CVE
CVE
added 2021/08/18 1:15 p.m.61 views

CVE-2021-21858

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow ...

8.8CVSS8.8AI score0.00238EPSS
CVE
CVE
added 2021/12/22 7:15 p.m.61 views

CVE-2021-40393

An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file...

10CVSS9.4AI score0.00332EPSS
CVE
CVE
added 2021/11/09 1:15 p.m.61 views

CVE-2021-43114

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.

7.5CVSS7.7AI score0.00566EPSS
CVE
CVE
added 2022/12/23 11:3 p.m.61 views

CVE-2022-43600

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability a...

8.1CVSS9.1AI score0.0034EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.61 views

CVE-2023-24751

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

6.5CVSS6AI score0.00296EPSS
CVE
CVE
added 2023/03/01 3:15 p.m.61 views

CVE-2023-24754

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

5.5CVSS5.4AI score0.00028EPSS
CVE
CVE
added 2023/10/09 5:15 a.m.61 views

CVE-2023-45363

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and con...

7.5CVSS7.1AI score0.09034EPSS
CVE
CVE
added 2024/02/14 10:15 p.m.61 views

CVE-2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

6.7CVSS6.7AI score0.00013EPSS
CVE
CVE
added 2025/05/07 4:15 p.m.61 views

CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS7.2AI score0.00061EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.60 views

CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

2.1CVSS6.9AI score0.00117EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.60 views

CVE-1999-0730

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

10CVSS6.6AI score0.01021EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.60 views

CVE-1999-0732

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

2.1CVSS6.8AI score0.00135EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.60 views

CVE-1999-0743

Trn allows local users to overwrite other users' files via symlinks.

2.1CVSS6.7AI score0.00112EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.60 views

CVE-2000-0289

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

5CVSS6.7AI score0.00826EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.60 views

CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

4.6CVSS7.7AI score0.00228EPSS
CVE
CVE
added 2005/09/30 10:5 a.m.60 views

CVE-2005-3106

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

4.7CVSS4.8AI score0.00078EPSS
CVE
CVE
added 2008/01/12 2:46 a.m.60 views

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

5CVSS5.9AI score0.05559EPSS
CVE
CVE
added 2009/03/31 6:24 p.m.60 views

CVE-2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

5.5CVSS5.2AI score0.00212EPSS
CVE
CVE
added 2019/11/12 8:15 p.m.60 views

CVE-2010-3438

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.

9.8CVSS9.7AI score0.00527EPSS
Total number of security vulnerabilities9134